author | Mike Frysinger <vapier@gentoo.org> | 2012-12-03 01:15:15 -0500 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2012-12-24 03:01:36 -0500 |
commit | 26ad6af1a4f246bda3cd7a19a24c1767ec9c835e (patch) | |
tree | d660468151bd7137f889463ce37876586b1013bd /tests/utime-0.c | |
parent | sb_gdb: improve gdb integration (diff) | |
download | sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.tar.gz sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.tar.bz2 sandbox-26ad6af1a4f246bda3cd7a19a24c1767ec9c835e.zip |
libsandbox: fall back to tracing set*id programs

If we are non-root and run a set*id program, the ldso will ignore our
LD_PRELOAD (rightly so). Unfortunately, this opens up the ability to
run set*id apps that modify things and sandbox cannot catch it.

Instead, force ptracing of these ELFs. While the kernel will disallow
the set*id aspect when running, for the most part, that shouldn't be a
problem if it was already safe.

URL: http://bugs.gentoo.org/442172
Reported-by: Nikoli <nikoli@lavabit.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'tests/utime-0.c')
0 files changed, 0 insertions, 0 deletions
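
The decision the commit message describes (non-root caller plus a set*id target means LD_PRELOAD cannot be relied on, so trace instead) can be sketched as below. This is an added example, not code from sandbox or from this commit; `preload_would_be_ignored` and `exec_needs_trace` are hypothetical names, and the check deliberately ignores `nosuid` mounts and file ownership, so it may trace more often than strictly necessary.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from sandbox): true when exec'ing a file with this
 * mode as a non-root user is a set*id exec, the case where the commit message
 * says the ldso ignores LD_PRELOAD. Assumption: over-reporting is acceptable,
 * so nosuid mounts and file ownership are not consulted. */
bool preload_would_be_ignored(mode_t mode, uid_t caller_uid)
{
	if (caller_uid == 0)      /* the message only covers non-root callers */
		return false;
	if (!S_ISREG(mode))       /* setgid on a directory is not an exec matter */
		return false;
	if (mode & S_ISUID)
		return true;
	/* Linux honours setgid on exec only when group-execute is also set. */
	return (mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP);
}

/* Hypothetical wrapper: 1 = fall back to ptrace, 0 = LD_PRELOAD is enough,
 * -1 = the path could not be stat'ed. */
int exec_needs_trace(const char *path)
{
	struct stat st;

	if (stat(path, &st) != 0)
		return -1;
	return preload_would_be_ignored(st.st_mode, getuid()) ? 1 : 0;
}

int main(int argc, char **argv)
{
	for (int i = 1; i < argc; i++) {
		int r = exec_needs_trace(argv[i]);
		printf("%s: %s\n", argv[i],
		       r < 0 ? "stat failed" : r ? "ptrace fallback" : "LD_PRELOAD");
	}
	return 0;
}
```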